Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier


For fun I put this on the Equinox web site at
        http://dev.eclipse.org/viewcvs/indextech.cgi/~checkout~/equinox-home/security/verifier.html

After the transition we should have a Wiki on the site and that will make things much easier.

Jeff


Thomas Watson <tjwatson@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

09/22/2005 10:37 AM

Please respond to
Equinox development mailing list

To
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc
Subject
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier






The org.eclipse.osgi.jarverifier project is a fragment to the OSGi Framework implementation (org.eclipse.osgi).  This fragment supplies the support for verifying the signitures of bundles.  The verification code is needed by the framework adaptor very early when the framework is loading the bundles at startup.  This requires the jarverifier to be specified as a framework extension in the config.ini.  Here are the steps to use the jarverifier:


1) Extract and build the jarverifier project from the equinox repository at org.eclipse.equinox/phase2/org.eclipse.osgi.jarverifier.  This should produce a org.eclipse.osgi.jarverifier_1.0.0.jar file.

2) Place this file into the plugins directory of your eclipse target.  This needs to be the same directory where the org.eclipse.osgi_3.1.0.jar file is located.

3) Add the following lines to the config.ini or pass these as VM property arguments:

       osgi.framework.extensions=org.eclipse.osgi.jarverifier

       eclipse.security=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager


If you want to selfhost with the org.eclipse.osgi.jarverifier in your workspace then you must also have the org.eclipse.osgi project in your workspace.  When self-hosting it is easiest to set the osgi.framework.extensions and eclipse.securty properties as -D VM arguments


The jarverifier will search for keystores in 3 standard locations:

1) "file:" + System.getProperty("java.home") + "/lib/security/cacerts"

2) "file:" + System.getProperty("user.home") + "/.keystore"

3) Look in any java policy files which are configured in the Security properties.  This is done by setting the policy.uri.<number> properties in the security/java.security file of your installed JRE these properties are used to set the default java.policy files that should be used by the JRE.  A java.policy may specify a keystore to use.


In addition to these 3 standard java locations the jarverifier will also look for a keystore at the URL specified by the "osgi.framework.keystore" system property.  If you sign bundles with a private key for which no public key exists in one of the standard keystores then you must import your personal public key into one of the supported keystores.


Tom




Pascal Rapicault <Pascal_Rapicault@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

09/21/2005 09:04 PM

Please respond to
Equinox development mailing list

To
equinox-dev@xxxxxxxxxxx
cc
Subject
[equinox-dev] Using the org.eclipse.osgi.jar.verifier








Hello,

Could someone post an example on how is the org.eclipse.osgi.jarverifier bundle supposed to be used?

I'm looking for something that wiill contain all the details about keystore and other painful details like that.


ThX


PaScaL
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev

_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev


Back to the top